I’m trying to setup encrypted communication to a freshly installed Hassio (up-to-date) on a RPi 3 B which is running in a separate vlan. I don’t plan to expose any service outside of this vlan, using a vpn to dial in from my mobile or remote workstation which makes the use of LetsEncrypt or other signed certs an overkill.
I’m following the getting started guide for self signed certs at https://www.home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/
Configuration is pretty basic:
http:
api_password: !secret api-password
ssl_certificate: /somedir/certificate.pem
ssl_key: /somedir/privkey.pem
server_port: 8123
base_url: https://ip.address.here
Problem is I still get http access (and no https) and the following error in the logs:
File “/usr/local/lib/python3.6/site-packages/aiohttp/web_protocol.py”, line 275, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
File “aiohttp_http_parser.pyx”, line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method
The error repeats 3 times per request.
I’ve read through various forum threads with similar errors but I’ve seen no solution.
My question is should I try a non-hassio installation (i.e. on a linux box) and hope to get this fixed or should I opt for LetsEncrypt instead?
Thx.
just to add that changing the path to the certificate files to some non existing path doesn’t seem to affect anything - I get the same error.
My certificate files are stored in a subdirectory of the configuration directory of Hassio, so /config/the_certificate_dir/*.pem and they have the same read rights as the rest of the config files.
To close my own topic - after 4 days of tests I finally found a working solution:
- installed NGINX from the official Hass.io Add-on repository
- deleted the certificates created according to the Home Assistant tutorial
- created my own CA (actually reused previously created CA)
- created new certificate and key signed by my CA
- installed the certs in /ssl (mountable via the Samba add-on)
voila - hassio, nginx, self signed certificates, iOS - singing in a tree.
Without the CA part I could access hassio from the desktop but not from mobile.
Safari on iOS would complain that it didn’t trust the certificate.